“IRS continues to, among other things, allow sensitive information, including IDs and passwords for mission-critical applications, to be readily available to any user on its internal network, and grant excessive access to individuals who do not need it.”
–GAO Information Security Report, January 2009
A new report from the Government Accountability Office (otherwise known as “the congressional watchdog”) shows the IRS to be slacking. They’ve identified some pretty big security gaps when it comes to protecting information like our Social Security numbers, addresses, and financial information.
From easily guessed and unprotected passwords to unencrypted data traversing the networks, cyber security problems abound. Employees have wide access to sensitive files well beyond a “need to know” basis. Even the security officers who guard the data centers and equipment aren’t up to snuff: the GAO investigators easily snuck prohibited items like digital cameras into the facility.
But this isn’t really a surprise. I mean, government offices are not impenetrable fortresses operated by fail-safe machines. Like any other office, there is the capacity for human blunder. And fraud. Employees get lazy, protocols become lax, and overburdened supervisors have less and less time to monitor their reports. Anyone with dishonest intentions can start spotting the security loopholes. And from there, hoards of taxpayer information can be gleaned without as much as a raised eyebrow.
The IRS promises to develop a plan that addresses each of the recommendations in the GAO report. But will that be enough? And what damage can be done in the meantime?
As usual, it’s ultimately up to us to protect ourselves. But we certainly don’t have the power to close all of the security gaps in the IRS system (or anywhere else that our information resides, for that matter). If someone gets a hold of our Social Security numbers, bank account information, names and addresses, an identity theft nightmare is likely to ensue.
Truthfully, there is no surefire way to prevent identity theft. But by checking your credit report regularly, you will catch the first instances of the crime as soon as they happen—and before they can wreck your credit. Signing up for a credit monitoring service is even better, because you’ll receive automatic alerts the instant a new account is opened in your name.
Don’t assume that your personal information is safe with the IRS and other large data institutions. Start monitoring your credit today to make sure your information hasn’t gotten into the wrong hands.